Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
980
Views
0
Helpful
3
Replies

Easy vpn pix 506 ASA 5510 with only preshare key

jouelle666
Level 1
Level 1

‎09-11-2009 11:16 AM

Hi,

I have a question: I have 2 sites: Site A with a PIX 506 as a easy vpn client and site B with a PIX 515 as a easy vpn server . Both running 6.3 IOS.

I plan to replace the Pix 515 with a ASA 5510 running IOS version 8,x.

The setup of the vpn client is

vpnclient server xxx.xxx.xxx.xxx

vpnclient mode network-extension-mode

vpnclient vpngroup xxxx password xxxx

vpnclient enable

The easy vpn server is :

vpngroup xxxx address-pool ippool

vpngroup xxxx dns-server xxx.xxx.xxx.xxx

vpngroup xxxx default-domain xxx.com

vpngroup xxxx split-tunnel xxx

vpngroup xxxx idle-time 86400

As you see, there is no user needed, the client connect with only the preshare key.

I try to duplicate with my ASA:

access-list ezvpn1 extended permit ip any xxxxxx

group-policy myGROUP internal

group-policy myGROUP attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value ezvpn1

secure-unit-authentication disable

nem enable

webvpn

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto dynamic-map dynmap 30 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption des

isakmp policy 1 hash md5

isakmp policy 1 group 2

isakmp policy 1 lifetime 86400

isakmp policy 65535 authentication pre-share

isakmp policy 65535 encryption 3des

isakmp policy 65535 hash sha

isakmp policy 65535 group 2

isakmp policy 65535 lifetime 86400

tunnel-group acces_strom type ipsec-ra

tunnel-group acces_strom general-attributes

default-group-policy myGROUP

tunnel-group xxxxxx ipsec-attributes

pre-shared-key xxxxxx

Can I configure the easy vpn server on my ASA to only use the preshare key? It require a username. Or add a user on my easy vpn client configuration.

Can I configure the pix 506 as a easy vpn server, I will open a vpn session then add the user in the config? I don't want to down the vpn between the 2 site, The remote site is 3 hour from here.

I will replace the 506 with the 515 in the future and configure a L2L vpn.

Thanks

Labels:
0 Helpful
3 Replies 3

anujarora
Level 1
Level 1

‎09-12-2009 04:22 AM

hiiiii

what vpn all about?

0 Helpful

jouelle666
Level 1
Level 1
In response to anujarora

‎09-15-2009 05:06 AM

Ok,

Can I configure pix 506 as an easy vpn server and access it remotely even if it is already configured as an easy vpn client and connected to my pix 515?

0 Helpful

jouelle666
Level 1
Level 1

‎09-24-2009 12:37 PM

I have the read the PIX/ASA 7.x Easy VPN with an ASA 5500 as the Server and PIX 506E as the Client (NEM) Configuration Example

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805c5ad9.shtml#NetPro

I saw the example PIX-to-PIX 6.x: Easy VPN (NEM) Configuration Example

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008019e6d7.shtml

That is like my actual pix to pix configuration.

But can I configure my ASA 5510 as a easy vpn server without the user authentication?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents